Its actually a pretty well-solved problem PGP has been with us for quite a while, the issue around private conversation is that its just too technically challenging to participate in it cause the toolchains and software to facilitate it are terrible.
What if we did have asymmetric keys. They have passwords on them why not have a system where the private key is SSL’d over to your browser from the server where you decrypt the Private key client side. Which then allows you to decrypt 1v1 conversations. But if you want to exit the realm of a 1v1 conversation it then is stated clearly as viewable by the mods/admins?
The password then becomes the weak link so if someone did obtain the PGP private key from the server and your password from you then you have a problem. From what I understand solutions like hush mail and other things like that have had something like this for ages.
Wouldn’t it just be easier to Message a member with
“Can I email you about something private?”
Putting myself in danger of sounding like a smug ass, I’ll quote a few relevant tidbits. Hopefully this doesn’t come off poorly.
I mean as it stands its not really within the scope of what I imagine this project is about. Its not intended to be a safe haven forum software but it would be really nice to have.
My point is if the concern is that Admins aren’t trusted, take care with what is posted.
If you want 100% privacy, well, welcome to the 21st century. Unless you keep it in your head it’s “out there”
I see “private conversation” as a completely different feature, it can be done, it is done daily by many people, but there are very few pieces of software out there that allow you to engage in private conversation without jumping through enormous amounts of hoops.
You are correct, GnuPG and other PGP-based systems can be used to accomplish much of what is requested here. However, you reiterated the point that I made: these tools are far from easy to use, and most importantly, there is nothing hosted. Making a hosted system that provides enough ease of use for your Aunt Martha to be able to use it, but still provides the desired level of security, is the real challenge.
I haven’t read everything here, but if it is an external plugin, you could leverage something like this:
https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase
Keybase solves the issue of verifying keys, so maybe the plugin could hook into keybase and only users that have hooked up their profile from keybase could verify each other.
Closing this as yes this is both possible and done!